Ability Mail Server < 2.61 Multiple Vulnerabilities

Medium Nessus Network Monitor Plugin ID 4293

Synopsis

The remote mail server is affected by denial of service vulnerabilities.

Description

The remote host appears to be running Ability Mail Server. According to its banner, the installed version of Ability Mail Server is affected by two issues that could cause the application to crash. One involves messages that are changed to a blank string, the other concerns IMAP4 commands with malformed number list ranges. It is not currently known whether either or both issues can be exploited without authentication.

Solution

Upgrade to version 2.61 or higher.

See Also

http://www.code-crafters.com/abilitymailserver/updatelog.html

Plugin Details

Severity: Medium

ID: 4293

Family: Web Servers

Published: 2007/11/21

Modified: 2016/01/21

Dependencies: 1442

Nessus ID: 28289

Risk Information

Risk Factor: Medium

CVSSv2

Base Score: 5

Temporal Score: 3.7

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

CVSSv3

Base Score: 5.3

Temporal Score: 4.6

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS3#E:U/RL:O/RC:C

Reference Information

CVE: CVE-2007-6101

BID: 26514